Supply chains are incredibly complex, with interconnected networks of partner companies sourcing materials and moving them to production. Since they involve so many steps, workers and companies, there's potential for something to go wrong at some point. Security is even more challenging due to the increasing number of network devices as companies seek to improve their business, manufacturing and supply chain operations. This device boom means more supply chain manipulation opportunities. Interruptions can occur at any point in the supply chain, opening the doors to security risks. Organizations cannot identify that something went wrong, let alone when, where and how a compromise occurred.
Prioritizing focus on the "physical layer"
Knowing that supply chains rely on numerous partnerships with organizations and vendors worldwide, hackers can identify a weak link in one of these relationships and exploit a partner's poor security measures to compromise an organization's product. Current solutions are designed to protect the organization from software breaches; hardware manipulations go unnoticed. The existing solutions involve traffic monitoring, which only works if a device emits traffic or is active. They do not encompass physical layer visibility to determine with absolute certainty exactly what a device is. Some devices go completely undetected with these current solutions.
The global sourcing of foreign materials has led to even more vulnerabilities for organizations. Someone may insert a tiny chip or banned part into a device while it is with an overseas vendor. Without proper visibility encompassing the physical layer, organizations will be unaware of manipulation until hackers make their way to the operating systems and other applications. Having a compromise go unnoticed could lead to devastating consequences later on.
What is physical layer visibility?
Realizing they must account for all types of risks and manage all IT/OT/IoT assets, many companies reliant on the supply chain are looking to add a solution focusing on this layer, one ensuring 100% visibility, to their cybersecurity offerings. Physical layer visibility is essential for asset risk management as it allows an organization to see each device for precisely what it is, detecting any abnormalities, such as an unauthorized hardware implant, in real time. Once this type of anomaly is detected, security teams are alerted so they can take action or automatically mitigate risk using their existing security orchestration, automation and response (SOAR) tools.
Without physical layer visibility, device integrity is in question. Physical layer visibility also enables the organization or its security professionals to flag a prohibited product. Whether or not the compromise was intentional, and whether or not it will result in a bad actor accessing data, the organization is alerted to the presence of something that could pose risks.
One of these things just doesn’t belong
There’s a song that played on classic episodes of “Sesame Street” with the lyrics: “One of these things is not like the others/ One of these things just doesn't belong/ Can you tell which thing is not like the others/ By the time I finish my song?”
The song advises children to detect something unusual, not unlike the message of Section 889 of the 2019 National Defense Authorization Act for adults, which ensures that federal agencies do not use products of banned vendors, meaning things that do not belong in devices. Physical layer visibility allows adherence to this directive, enabling organizations that rely on the supply chain to ensure that all parts are compliant and that nothing prohibited is in a device.
CISA bolsters the message
In October, CISA highlighted asset visibility and vulnerability management detection as a directive on the federal level. We expect attention to that directive to trickle down to the commercial market next. Bad actors strike when people are distracted, and distractions make it challenging to view assets independently. Physical layer visibility and asset risk management are essential for organizations to account for any risks that arise along the supply chain.
Our company's internal research predicts an increase of 39% in assets with a high-risk factor next year alone. This is a call to action for organizations to prioritize physical layer visibility in 2023. It will be especially significant for companies that rely on the supply chain, as global cybercrimes on supply chains are estimated to grow by 15% annually. This increase is attributable to attackers focusing on emerging technologies to increase the efficacy of their malicious methods.
Establishing the groundwork for asset risk management
Because it is at the core of asset risk management, organizations must establish asset visibility first by inventorying all devices. All details about each device must be understood and documented during that process. The asset risk management platform can then use this information to understand a device's risk.
To protect the end user from any compromises at any point along the supply chain, the following are some initial elements of what a solution encompassing physical layer visibility might entail:
● A focus on device existence
As mentioned earlier, current security solutions involve traffic monitoring, which assesses device activity. A physical layer-based solution focuses on device existence rather than device activity. It offers heightened visibility, giving organizations an extensive view of the entire asset infrastructure, managed or unmanaged, including hidden devices invisible to other security tools. Such a solution prevents unwanted devices from gaining network access.
● An objective score for every connected asset
Scoring enables the prioritization of devices to address the highest risks. The National Institute of Standards and Technology (NIST) advises organizations to identify those systems and components that are most vulnerable and will cause the greatest organizational impact if compromised.
● Knowledge of all device properties
Knowing all properties of each device ensures compliance with zero trust. Only recognized profiles are authorized and authenticated as users. One can obtain this knowledge and establish a score for each device during the inventory stage.
● The capability of policy enforcement to control asset usage
With policy enforcement, any assets that breach the preset rules or are recognized as known attack tools are immediately blocked, enabling instant and automated risk mitigation.
Knowledge is power; asset visibility's impact on asset risk management attests to this fact. Complete familiarity with the physical layer and each network device helps develop a plan to mitigate risks that could lead to attacks. Only once this oversight is achieved will we be able to spot what doesn't belong and has the potential to jeopardize an organization.